I found vulnerabilities in two social gaming networks that let you take control of people's Facebook and Twitter accounts using _just_ the UDID. I never published the details of these vulnerabilities, but you can find an official acknowledgement from at least one of these companies (Chillingo of Angry Birds fame) in this WSJ piece:
By "Take control of..." you mean "act with the permissions of the app", I assume? I can't see how Angry Birds the app would ever have full control over my Facebook account unless there's a catastrophic vuln. in the Facebook API.
Chillingo is the publisher of the original Angry Birds, and it's their social network (which is integrated with Angry Birds and therefore on millions of devices) that had the vulnerability.
